mirrors/mongodb
mirrors/mongodb
0
0
Fork 0
mirror of https://github.com/mongodb/mongo.git synced 2024-11-30 17:10:48 +01:00
Code Issues Releases Activity
4ae9ca6543
mongodb/jstests/libs
History
Jonathan Reams d24b2849eb
SERVER-42378 Validate python environment before config expansion timeout test
2019-07-26 10:28:46 -04:00
..
command_line SERVER-27549 Print message on intentional server crash. 2017-05-23 15:18:12 -04:00
config_files SERVER-40882 Restore the --noIndexBuildRetry server parameter flag and the storage.indexBuildRetry config file option 2019-05-22 09:22:39 -04:00
jstestfuzz SERVER-33633 Create jstestfuzz_interrupt and jstestfuzz_interrupt_replication suites to enable checkForInterrupt failpoint 2018-03-28 13:41:51 -04:00
openssl_config SERVER-40841 Re-issue invalid test certificates 2019-05-20 15:59:18 -04:00
override_methods SERVER-39576 Remove the 'doTxn' command 2019-07-02 17:27:17 -04:00
txns SERVER-38937 unify txn override and auto retry on network error 2019-04-04 11:03:50 -04:00
8k-prime.dhparam SERVER-24897 Configuration of DHE parameters. 2017-08-14 15:35:22 -04:00
analyze_plan.js SERVER-24860 Optimize away entire pipeline if it can be answered using a query 2019-04-03 12:19:22 +01:00
assert_schema_match.js SERVER-31335 cmd assertions check write errors 2018-01-11 10:47:49 -05:00
authTestsKey
backup_utils.js SERVER-39377 Make efficient hot backup work with enableMajorityReadConcern=false 2019-03-06 20:56:13 -05:00
badSAN.pem SERVER-40841 Re-issue invalid test certificates 2019-05-20 15:59:18 -04:00
ca.pem SERVER-14516 Brand new testing certificates 2014-07-26 13:22:04 -04:00
change_stream_util.js SERVER-41183 Add test suites for change streams with transactions 2019-06-14 18:31:40 -04:00
check_log.js SERVER-42091 Look for at least 2 log messages in flow_control_logging.js 2019-07-17 16:58:37 -04:00
check_unique_indexes.js SERVER-39471 Remove unique index FCV upgrade codepath 2019-07-10 18:39:02 -04:00
check_uuids.js SERVER-35131 Remove system.namespaces and system.indexes-specific UUID handling for 4.2 2018-07-03 13:44:16 -04:00
chunk_manipulation_util.js SERVER-35152 update tests for 4.0 2018-05-22 15:15:53 -04:00
cleanup_orphaned_util.js SERVER-23971 Clang-Format code 2016-05-28 17:55:12 -04:00
client_email.pem SERVER-34831 Add support for emailAddress in subject name 2018-05-07 11:35:41 -04:00
client_escape.pem SERVER-34413 Converting Certificate Subject Names to strings need to obey RFC 2253 2018-04-17 12:07:46 -04:00
client_privatekey.pem SERVER-35541 Support PKCS#8 PrivateKeyInfo in SChannel Provider 2018-06-11 23:32:42 -04:00
client_revoked.pem SERVER-40841 Re-issue invalid test certificates 2019-05-20 15:59:18 -04:00
client_roles.pem SERVER-34387 Create client_roles.pem test certificate with long expiration date 2018-04-10 16:55:20 -04:00
client_title.pem SERVER-34831 Add support for emailAddress in subject name 2018-05-07 11:35:41 -04:00
client_utf8.cnf SERVER-34413 Converting Certificate Subject Names to strings need to obey RFC 2253 2018-04-17 12:07:46 -04:00
client_utf8.pem SERVER-34413 Converting Certificate Subject Names to strings need to obey RFC 2253 2018-04-17 12:07:46 -04:00
client-all-the-oids.csr.in SERVER-35196 Map additional X509 OIDs 2018-06-05 21:55:10 -04:00
client-all-the-oids.pem SERVER-35196 Map additional X509 OIDs 2018-06-05 21:55:10 -04:00
client-custom-oids.csr.in SERVER-34735 Extract structured data from X509 subject names 2018-05-15 22:11:45 -04:00
client-custom-oids.pem SERVER-34735 Extract structured data from X509 subject names 2018-05-15 22:11:45 -04:00
client-multivalue-rdn.pem SERVER-34735 Extract structured data from X509 subject names 2018-05-15 22:11:45 -04:00
client-self-signed.pem SERVER-40841 Re-issue invalid test certificates 2019-05-20 15:59:18 -04:00
client.pem SERVER-40841 Re-issue invalid test certificates 2019-05-20 15:59:18 -04:00
cluster_cert.pem SERVER-14516 Brand new testing certificates 2014-07-26 13:22:04 -04:00
collection_drop_recreate.js SERVER-35919 Ensure all tests that use transactions perform collection drops with w:majority 2018-07-26 12:07:52 -04:00
command_sequence_with_retries.js SERVER-28590 Invoke validate command on collections before shutting down mongod in JS tests 2017-06-07 14:36:31 -04:00
crl_client_revoked.pem SERVER-40841 Re-issue invalid test certificates 2019-05-20 15:59:18 -04:00
crl_expired.pem SERVER-14516 Brand new testing certificates 2014-07-26 13:22:04 -04:00
crl.pem SERVER-14988 Replace expired CRL files 2014-08-21 10:18:04 -04:00
csrs_upgrade_util.js SERVER-38516 Tighten up tests that don't fail when not closing connections during stepdown bbut allow exceptions during stepdown 2019-02-12 11:07:46 -05:00
curop_helpers.js SERVER-41283 Added test that running stepdown on secondary does not lead to 3 way deadlock 2019-06-05 11:16:43 -04:00
cycle_detection.js SERVER-34293 Add test for atomicity and isolation of transactions. 2018-04-16 19:27:18 -04:00
database_versioning.js SERVER-41950 Flush database cache on primary shard when creating a database in the sharding catalog 2019-07-11 17:04:06 -04:00
dateutil.js SERVER-9406 treat ObjectId type as Date in aggregation date expressions 2017-06-12 16:40:44 -04:00
discover_topology.js SERVER-39269 flag gate sharded $lookup 2019-02-07 18:41:36 -05:00
ecdsa-ca.pem SERVER-36619 Test that ECDSA certificates can be loaded by OpenSSL on Linux 2018-11-02 18:46:38 -04:00
ecdsa-client.pem SERVER-36619 Test that ECDSA certificates can be loaded by OpenSSL on Linux 2018-11-02 18:46:38 -04:00
ecdsa-server.pem SERVER-36619 Test that ECDSA certificates can be loaded by OpenSSL on Linux 2018-11-02 18:46:38 -04:00
error_code_utils.js SERVER-38583 JS test fixes for write errors in transactions 2019-02-12 17:40:26 -05:00
expired.pem SERVER-14516 Brand new testing certificates 2014-07-26 13:22:04 -04:00
feature_compatibility_version.js SERVER-37074 Handle interrupted FCV downgrade in validate hook. 2018-11-30 17:40:49 -05:00
fixture_helpers.js SERVER-409050 auth test for searchBeta agg stage 2019-05-15 12:26:19 -04:00
fsm_serial_client.js SERVER-31774 New powercycle test option & task - setFeatureCompatibilityVersion 2017-11-07 10:12:33 -05:00
ftdc.js SERVER-36099 Trim FTDC connection pool stats 2019-05-21 16:35:25 -04:00
fts.js SERVER-23971 Clang-Format code 2016-05-28 17:55:12 -04:00
geo_math.js SERVER-31651 Allow minDistance option on geoNear command with 2d index. 2017-12-01 12:07:03 -05:00
geo_near_random.js SERVER-35043, SERVER-22949: move geoNear implementation into aggregation 2018-06-18 23:34:49 -04:00
get_index_helpers.js SERVER-24033 Write full index spec in oplog entry for index creation. 2016-09-14 20:49:17 -04:00
global_snapshot_reads_util.js SERVER-41050 Ban txnNumbers outside of transactions and retryable writes 2019-05-16 09:46:43 -04:00
host_ipaddr.js SERVER-29182: Add restriction support to the usersInfo command 2017-07-31 13:59:59 -04:00
index_bigkeys.js SERVER-36281 Test upgrade/downgrade behaviors for unlimited index key length 2018-08-21 23:06:50 -04:00
json_schema_test_runner.js SERVER-30647: Modify the 3rd party JSON Schema test suite to only test keywords supported by MongoDB 2017-09-18 17:35:58 -04:00
key1
key1_644 SERVER-20873 Add separate key file using 644 permission 2015-11-19 11:06:58 -05:00
key2
keyForRollover SERVER-37833 Retry internal auth with alternate key during keyfile rollover 2018-11-07 10:20:26 -05:00
kill_sessions.js Remove listLocalCursors 2018-10-12 09:45:05 -04:00
localhostnameCN.pem SERVER-40841 Re-issue invalid test certificates 2019-05-20 15:59:18 -04:00
localhostnameSAN.pem SERVER-40841 Re-issue invalid test certificates 2019-05-20 15:59:18 -04:00
mockkrb5.conf SERVER-28648: Disable DNS canonicalization of Kerberos principal names in tests 2017-08-07 10:42:47 -04:00
mockservice.keytab BUILD-824 Change mockservice keytab 2015-08-03 17:39:35 -04:00
mockuser.keytab BUILD-824 Switch KDCs for GSSAPI tests 2015-08-03 11:42:33 -04:00
mongodbauthorizationgrant.cnf SERVER-33549 Refactor OpenSSL to use common ASN.1 code and add test 2018-03-15 13:24:39 -04:00
mongoebench.js SERVER-35537 Create mongoebench for running benchRun against mobile. 2018-07-10 01:39:36 -04:00
mql_model_mongod_test_runner.js WRITING-2731 Build integration test running script for testing the mql-model command line tool 2018-06-09 08:56:32 -04:00
namespace_utils.js SERVER-29134: Support change streams on an entire database in a sharded cluster 2018-04-11 15:53:03 -04:00
not_yet_valid.pem SERVER-14516 Brand new testing certificates 2014-07-26 13:22:04 -04:00
parallel_shell_helpers.js SERVER-34615 Make UUIDCatalog updates for renameCollection atomic 2018-06-06 16:54:44 -04:00
parallelTester.js SERVER-41117 Blacklist autocomplete.js from parallel testing 2019-05-13 21:21:23 -04:00
password_protected.pem SERVER-40841 Re-issue invalid test certificates 2019-05-20 15:59:18 -04:00
pin_getmore_cursor.js SERVER-42216 Ensure pin_getmore_cursor.js waits for server to finish killing cursor 2019-07-19 16:32:44 -04:00
profiler.js SERVER-33135 Delete code for OP_COMMAND 2018-07-30 13:57:10 -04:00
python.js SERVER-42378 Validate python environment before config expansion timeout test 2019-07-26 10:28:46 -04:00
read_committed_lib.js SERVER-24623 Remove single document aggregation result option 2017-01-13 17:56:02 -05:00
README.ssl SERVER-40841 Re-issue invalid test certificates 2019-05-20 15:59:18 -04:00
retryable_writes_util.js SERVER-39702 Remove config server as transaction coordinator crutch from coordinator kill passthrough suite 2019-04-22 17:33:45 -04:00
rollover_ca_merged.pem SERVER-37835 Support rolling over X509 cluster auth certificates 2019-01-03 17:18:52 -05:00
rollover_ca.pem SERVER-37835 Support rolling over X509 cluster auth certificates 2019-01-03 17:18:52 -05:00
rollover_server.pem SERVER-37835 Support rolling over X509 cluster auth certificates 2019-01-03 17:18:52 -05:00
server_SAN2.pem SERVER-36895 updated SAN recognition for IP addresses on Mac and OpenSSL 2018-10-08 18:55:45 -04:00
server_SAN.pem SERVER-36895 updated SAN recognition for IP addresses on Mac and OpenSSL 2018-10-08 18:55:45 -04:00
server-intermediate-ca.pem SERVER-39217 SecureTransport with Intermediate CA 2019-03-01 16:06:08 +00:00
server-intermediate-ca.pem.sh SERVER-39217 SecureTransport with Intermediate CA 2019-03-01 16:06:08 +00:00
server-with-ip-san-2.csr.in SERVER-36895 updated SAN recognition for IP addresses on Mac and OpenSSL 2018-10-08 18:55:45 -04:00
server-with-ip-san.csr.in SERVER-36895 updated SAN recognition for IP addresses on Mac and OpenSSL 2018-10-08 18:55:45 -04:00
server.pem SERVER-40841 Re-issue invalid test certificates 2019-05-20 15:59:18 -04:00
sessions_collection.js SERVER-37624 Allow sessions collection TTL index expiration value to change upon node restart 2018-11-02 09:39:31 -04:00
smoke.pem SERVER-14516 Brand new testing certificates 2014-07-26 13:22:04 -04:00
specific_secondary_reader_mongo.js SERVER-32883 Add concurrency_replication_causal_consistency suite 2018-05-23 18:01:13 -04:00
splithorizon-ca.pem SERVER-40643 SERVER-40645 Add jstests that test the split horizon feature 2019-05-21 12:40:03 -04:00
splithorizon-server.pem SERVER-40643 SERVER-40645 Add jstests that test the split horizon feature 2019-05-21 12:40:03 -04:00
ssl_test.js SERVER-40598 Set timeout on SSL mixed_mode_repl test 2019-04-22 15:39:29 +00:00
stats.js SERVER-23976 SERVER-26812 fix clang format 2016-11-03 17:01:20 -04:00
storage_engine_utils.js SERVER-42129 modifies test to account for ephemeralForTest engine's missing oplog after restart. 2019-07-24 13:52:17 -04:00
test_background_ops.js SERVER-26952: Cache SCRAM-SHA-1 ClientKey 2017-02-02 17:48:07 -05:00
testconfig SERVER-17590 disallow --fastsync with replica sets 2015-03-17 11:06:11 -04:00
trace_missing_docs.js SERVER-23920 Disallow --master/--slave with --shardsvr 2016-07-28 11:52:33 -04:00
transactions_util.js SERVER-41917 Copy Date and Timestamp objects correctly in network_error_and_txn_override.js 2019-06-27 11:42:45 -04:00
trusted-ca.pem SERVER-23044 Fall back to system CA certs if CA file isn't provided 2016-04-04 14:40:14 -04:00
trusted-client.pem SERVER-23044 Fall back to system CA certs if CA file isn't provided 2016-04-04 14:40:14 -04:00
trusted-client.pfx SERVER-32979 Windows Certificate Selectors 2018-03-23 11:28:17 -04:00
trusted-server.pem SERVER-23044 Fall back to system CA certs if CA file isn't provided 2016-04-04 14:40:14 -04:00
trusted-server.pfx SERVER-34139 Add certificate selector for Apple for SecureTransport 2018-04-02 19:58:23 -04:00
uuid_util.js SERVER-29760 propagate UUID from primary shard to config server on shardCollection 2017-08-01 15:15:50 -04:00
write_concern_util.js SERVER-41780 always wait for write concern on prepareTransaction retries 2019-06-25 13:14:41 -04:00

README.ssl 

rollover_*.pem are certificates and a CA used to test rolling over X509 cluster authentication

# Generate the root CA certificate:
openssl genrsa -out rollover_ca.key 4096
openssl req -key rollover_ca.key -new -x509 -days 3650 -out rollover_ca.pem \
    -subj '/CN=Kernel Rollover Test CA/OU=Kernel/O=MongoDB\, Inc./L=New York/ST=New York/C=US' \
    -addext "keyUsage = critical, digitalSignature, cRLSign, keyCertSign"

cat rollover_ca.pem ca.pem > rollover_ca_merged.pem
cat rollover_ca.key >> rollover_ca.pem
rm rollover_ca.key

# Generate the server key and cert:
openssl genrsa -out rollover_server.key 2048
openssl req -new -key rollover_server.key -days 3650 -out rollover_server.csr \
    -subj '/CN=server/OU=Kernel (Rollover)/O=MongoDB\, Inc. (Rollover)/L=New York/ST=New York/C=US/'

# Sign the new server cert and clean up
openssl x509 -req -days 3650 -in rollover_server.csr -CA rollover_ca.pem -CAcreateserial \
    -out rollover_server.pem -sha256 -extfile <(printf "subjectAltName=DNS:localhost,DNS:127.0.0.1")
cat rollover_server.key >> rollover_server.pem
rm rollover_server.key
rm rollover_server.csr
rm rollover_ca.srl

---------------------------

client-self-signed.pem represents the same RDN as client.pem, but using itself as a CA:

openssl req -nodes -new -subj '/CN=client/OU=KernelUser/O=MongoDB/L=New York City/ST=New York/C=US' -out css.csr -keyout css.rsa
openssl rsa -in css.rsa -out css.key
openssl x509 -in css.csr -out jstests/libs/client-self-signed.pem -req -signkey client-self-signed.key -days 3650
cat css.key >> jstests/libs/client-self-signed.pem
rm css.{csr,rsa,key}

---------------------------
client-multivalue-rdn.pem represents the same RDN as client.pem, but grouping some elements together:

openssl req -new -nodes -subj '/CN=client+OU=KernelUser+O=MongoDB/L=New York City+ST=New York+C=US' -multivalue-rdn \
            -keyout client-multivalue-rdn.key -out client-multivalue-rdn.csr
openssl rsa -in client-multivalue-rdn.key -out client-multivalue-rdn.rsa
openssl x509 -in client-multivalue-rdn.csr -out client-multivalue-rdn.pem -req -CA ca.pem -days 3650 -CAcreateserial
cat client-multivalue-rdn.rsa >> client-multivalue-rdn.pem
rm ca.srl client-multivalue-rdn.key client-multivalue-rdn.rsa client-multivalue-rdn.csr

---------------------------
ecdsa-*.pem are ECDSA signed certificates:

generate an ec-key (from a well known curve)
openssl ecparam -name prime256v1 -genkey -out mykey.key

create certificate request
openssl req -new -key mykey.key -out mycsr.csr

sign key and generate certificate
openssl x509 -req -days 3650 -in mycsr.csr -CA ecdsa-ca.pem -CAcreateserial -out mycrt.crt -sha256

to include SANs in the certificate, instead run
openssl x509 -req -days 3650 -in mycsr.csr -CA ecdsa-ca.pem -CAcreateserial -out mycrt.crt -sha256 -extfile <(printf "subjectAltName=DNS:localhost,DNS:127.0.0.1")

combine key and certificate
cat mycrt.crt mykey.key > mycrt.pem

---------------------------
How to generate a certificate with a custom extension:

1. Generate a normal certificate signing request without an extension
2. Make a copy of the system openssl.cnf and append this text to the file
    On Redhat/Fedora, openssl.cnf is in /etc/pki/tls

See jstests\libs\mongodbauthorizationgrant.cnf for how to generate the text with the
'openssl asn1parse' command.

[MongoDBAuthorizationGrant]
1.3.6.1.4.1.34601.2.1.1 = DER:312B300F0C066261636B75700C0561646D696E30180C0F72656164416E7944617461626173650C0561646D696E

3. Sign the certificate and add the custom extension
4. Make a new pem with the certificate and key

Example Commands
----------------
openssl req -config openssl.cnf -newkey rsa:2048 -nodes -keyout roles.key -out roles.csr

Example with subject name:
openssl req -config openssl.cnf -newkey rsa:2048 -nodes -keyout roles.key -out roles.csr -subj "/C=US/ST=New York/L=New York City/O=MongoDB/OU=KernelUser/CN=client/emailAddress=example@mongodb.com"

openssl x509 -req -sha256 -in roles.csr -days 3650 -out roles.pem -extfile openssl.cnf -extensions MongoDBAuthorizationGrant -CA jstests/libs/ca.pem -CAcreateserial

openssl rsa -in roles.key -out roles2.key

cat roles.pem roles2.key > roles_final.pem


Example Commands for UTF-8
--------------------------
openssl req -new -utf8 -nameopt multiline,utf8  -config .\jstests\libs\client_utf8.cnf -newkey rsa:2048 -nodes -keyout roles.key -out roles.csr

Generating other certificates
-----------------------------

The openssl_configs directory contains the openssl config files to create/sign certificates from the
test CA. There is one config file per certificate. As an example, to generate server.pem:

Reset the CA state with fresh directories and a new serial
$ mkdir ca_state
$ echo '01' > ca_state/serial
$ touch ca_state/index.txt

Create the CSR for the server certificate from its config (this will also generate server.key)
$ openssl req -new -config openssl_config/server.cnf -out server.csr

Sign the certificate with the CA (this will update ca_state and output the certificate as server.pem)
$ openssl ca -config openssl_config/ca.cnf -out server.pem -in server.csr

Concatenate the server key into the certificate you just generated
$ cat server.key >> server.pem

Clean up - we don't keep the ca_state around
$ rm -rf ca_state server.key server.csr

Generating CRLs
---------------

Issue your certificate using the ca config above and then revoke it/create a CRL file:

Reset the CA state with fresh directories and a new serial
$ mkdir ca_state
$ echo '01' > ca_state/serial
$ touch ca_state/index.txt

Create the CSR for the server certificate from its config (this will also generate server.key)
$ openssl req -new -config openssl_config/client_revoked.cnf -out client_revoked.csr

Sign the certificate
$ openssl ca -config openssl_config/ca.cnf -out client_revoked.pem -in client_revoked.csr

Revoked the certificate
$ openssl ca -config openssl_config/ca.cnf -revoke client_revoked.pem

Generate the CRL
$ openssl ca -config openssl_config/ca.cnf -gencrl -out crl_client_revoked.pem

Concatenate the revoked certificate
$ cat client_revoked.key >> client_revoked.pem

Clean up
$ rm -rf ca_state client_revoked.key client_revoked.csr